Surveillance Topic Terms, p. 1
TERMS IN USE ON THE SURVEILLANCE TOPIC
Dr. Rich Edwards
Professor of Communication Studies
Baylor University
American Community Survey (ACS): This subset of the U.S. Census asks intrusive
questions such as the number of times a person has been married, whether they have a
mortgage on their home and whether they are enrolled in a health care plan. The ACS
selects a sample size of about 2.5 percent of households each year to complete the
survey. The ACS is controversial not only because of its intrusiveness, but also because
participation is mandatory – the federal government reportedly pursues participants
with phone calls, visits and threats of jail time if they refuse to complete the form.
Automated Biometric Identification System (IDENT): This is the name given to the U.S.
Department of Homeland Security’s system for storing the fingerprints and facial
recognition data for persons applying for visas, immigration benefits and the Visa
Waiver Program (VWP). The system also stores biometric data for suspected terrorists
and immigration law violators.
Big Data Research and Development Initiative: The Obama administration launched this
program in 2012, providing about $200 million with the announced purpose of
“transforming our ability to use Big Data for scientific discovery, environmental and
biomedical research, education and national security.” Six federal agencies are
involved in the initiative, led by the Defense Advanced Research Projects Agency
(DARPA) – the same agency that created the controversial Total Information
Awareness program.
Biometrics: This term refers to the use for identification purposes of any of the persistent
characteristics of the human body. Examples of biometric identification include
fingerprints, retina scans, facial recognition and DNA profiles.
Border Enforcement Security Task Forces (BEST): This Immigration and Customs
Enforcement program is designed to identify and dismantle criminal organizations
operating on or near the Mexican border. The BEST program is designed to facilitate
cooperation between U.S. and Mexican law enforcement agencies for the purpose of
shutting down drug trafficking organizations.
Boundless Informant: This is the name for a computer mining system operated by the
National Security Agency that reportedly counts the number of telephone calls and
emails that have been logged into the agency’s database. According to information
leaked by Edward Snowden, the system intercepted within a single 30-day period of
2013 more than 3 billion telephone calls and emails that originated within the United
States.
Surveillance Topic Terms, p. 2
Bullrun: According to Edward Snowden, this is the name the National Security Agency
uses for its program designed to defeat the encryption programs used by various data
storage systems. Snowden also claims that the federal government has forced U.S.based Internet companies to inset “back doors” into their encryption programs,
allowing the NSA access to read encrypted messages.
Carnivore: This is the name of a controversial system implemented by the Federal Bureau
of Investigation in 1997 to monitor email and other electronic messages from a target
user. The system has since been replaced by much more capable monitoring systems.
Church Committee: Frank Church, a U.S. Senator from Idaho, was selected to chair the
Senate Select Committee to Study Governmental Operations With Respect to
Intelligence Activities. This committee was created in 1975 to investigate the way that
the Nixon administration had used U.S. intelligence agencies to gather information on
political opponents. The disclosures from the committee report – commonly called the
“Church Report” – prompted Congress to pass the Federal Intelligence Surveillance
Act (FISA). FISA was originally designed to create a wall of separation between
foreign and domestic surveillance activities. Agencies such as the CIA and NSA were
essentially banned from conducting domestic surveillance; foreign surveillance would
be conducted under the supervision of the Foreign Intelligence Surveillance Court
(FISC). This “wall of separation” between domestic and foreign surveillance would
later be blamed for the intelligence mistakes that failed to detect the planning for the
terrorist attacks of September 11, 2001. The PATRIOT Act would later revise FISA in
such a way as to eliminate the wall separating foreign and domestic intelligence
gathering.
Communications Assistance to Law Enforcement Act (CALEA): This 1994 legislation
established the procedures by which law enforcement agencies could conduct wiretaps
on digital telephone networks. CALEA, since it was created before the recent
revolution in Internet and cell phone communication, has been criticized as incapable
of protecting contemporary communication from interception by intelligence agencies.
Consolidated Cryptologic Program: According to a recent report from the Washington
Post, the federal government’s “black budget” provides billions of dollars for this NSA
program involving a staff of approximately 35,000 computer specialists charged with
breaking encryption systems.
Cyberterrorism: Homeland security experts warn that terrorist organizations may soon
direct cyber attacks at critical infrastructures such as the electrical grid, financial
systems, telecommunication networks, municipal water supplies and even nuclear
power plants.
Surveillance Topic Terms, p. 3
Data Localization: This refers to the effort of governments to force Internet companies to
physically store data within a nation’s own borders rather than to allow the data to cross
international boundaries. The Snowden revelations have caused some countries to
distrust the security of “cloud-based” data when the servers are located in the United
States where they might be subject to NSA snooping. Some experts are concerned that
a trend toward data localization could undermine the normal functioning of the
Internet; at present, Internet messages are routed over the fastest and most efficient
routes, regardless of the geographic location of servers.
Data Mining: This term refers to the use of specialized software to send queries to huge
databases for the purpose of discovering otherwise hidden patterns and relationships.
Corporations engage in data mining in order to strategically target advertising at users
most likely to purchase their products. Governments may engage in data mining in
order to identify persons or groups perceived as threats to national security.
Domestic Communications Assistance Center: This refers to a surveillance unit in
Quantico, Virginia designed to be staffed with agents from the FBI, the U.S. Marshalls
Service and the Drug Enforcement Administration. The purpose of the center is to
support various law enforcement investigations with information gleaned from
wireless providers and social networking systems.
E-Government Act of 2002: This legislation requires federal government agencies to
provide privacy impact assessments (PIAs) for the ways that they collect, store, share
and manage information. The purpose of the Act is to enhance the protection of
personal information in government databases.
Echelon: This is a secretive data collection system based upon shared information from
intelligence agencies in the U.S., England, Canada, Australia and New Zealand. It is
thought that the system intercepts international email, fax and telephone
communications. The intelligence agencies then use supercomputers to provide
analyses of the data.
Einstein 3: This software system was designed by the United States Computer
Emergency Readiness Team (US-CERT) to identify and disable cyber threats to key
U.S. government computer networks. The U.S. Department of Homeland Security
views the program as a vital protection against cyber attack, but some privacy
advocates worry that the system is overly intrusive in its examination of private
emails and other electronic communication.
Surveillance Topic Terms, p. 4
Electronic Communications Privacy Act (ECPA): This 1986 statute has three essential
components: the Wiretap Act, designed to limit the interception of the content of
electronic communication; the Pen Register Act, to protect such metadata elements as
phone numbers called and persons contacted and the Stored Communication Act, to
regulate access to messages held in electronic storage. While the ECPA has the purpose
of protecting electronic privacy, the language of the Act is out of date. It was passed
before the advent of the Internet and has not been updated to account for changes in
how modern messages are sent, stored or retrieved.
Executive Order (EO) 12333: This order, signed by Ronald Reagan in 1981, has been
revised by every recent president. It established broad powers for the intelligence
community to conduct surveillance on persons living outside the United States. Critics
charge that this Executive Order has allowed U.S. intelligence agencies to circumvent
the requirements of Congressional and FISA Court oversight. In the course of
conducting surveillance on persons living outside the United States, intelligence
agencies may also be monitoring the international communication of U.S. citizens.
FAA Modernization and Reform Act of 2012: This legislation was designed to force the
Federal Aviation Administration (FAA) to establish regulations allowing the domestic
use of drones. Lobbying groups for farmers have been seeking permission to use
inexpensive aerial surveillance systems to examine the status of crops; businesses have
been seeking permission to use drones for everything from package delivery to aerial
photography. The FAA has taken a conservative approach, concerned about the
potential impact on commercial airline safety. Congress, however, passed the FAA
Modernization and Reform Act of 2012 requiring the FAA to allow certain uses of
drones by December of 2015.
Fair Information Principles: These principles were at the heart of the U.S. Privacy Act of
1974 and have been used as a model for the European Union’s 1995 Privacy Directive.
The seven principles are as follows: (1) Collection limitation: The collection of
personal information should be lawful, limited to that which is necessary and the
collection should be consensual were possible; (2) Data quality: The data should be
accurate, relevant and complete; (3) Purpose specification: Data should be collected for
a stated purpose and should be used only for that purpose unless there is both
disclosure and consent; (4) Security safeguards: Information collected should be
protected against loss or theft; (5) Openness: The collection, use and security of data
collected should be fully disclosed and transparent to the public; (6) Individual
participation: Individuals should be allowed to access data collected about themselves
and should be afforded a chance to correct any errors they perceive; (7) Accountability:
Those who collect and hold data should be held accountable for adherence to the above
norms.
Surveillance Topic Terms, p. 5
Familial DNA Searches: The FBI’s national DNA database can be searched by federal
and state law enforcement agencies to determine whether it can match a supplied
DNA sample to any of its stored samples. When no exact match is available, some
state law enforcement agencies are requesting what they regard as the next best thing:
a list of persons who could have a family relationship to an unidentified perpetrator.
While the federal government’s CODIS system does not currently support familial
searches, it can report “moderate matches” to a supplied sample. Some privacy
advocates believe that this type of DNA searching unfairly exposes persons to law
enforcement scrutiny.
FinCen: This is a mass surveillance system operated by the U.S. Department of the
Treasury designed to shut down the international financing of terrorism. The system
collects information on financial transfers and sends all suspicious records to the FBI
for additional investigation. The Department of the Treasury reports that it has now
sent to the FBI the records of more than 1.2 million financial transactions.
FISA Amendments Act of 2008: Many of the elements of the Foreign Intelligence
Surveillance Act of 1978 were set to expire in 2007 – especially some of the provisions
that had been added to FISA with the PATRIOT Act amendments. In 2007, Congress
passed a six-month extension of FISA with the passage of the Protect America Act.
That Act expired in February of 2008 and was replaced by the FISA Amendments Act
of 2008 (commonly referred to simply as FAA). The 2008 Amendments extended for
another 5 years the power of the NSA and other intelligence agencies to engage in the
collection and storage of massive amounts of data.
Five Eyes: This is the name of an information sharing system among the intelligence
services of five nations: United States, England, Canada, Australia and New Zealand.
This information sharing alliance dates all the way back to the World War II era.
Recently, however, “Five Eyes” has focused on compiling signals intelligence
(Internet, radio, microwave, satellite intercepts and telephone metadata) into a shared
database.
Foreign Intelligence Surveillance Act (FISA): This legislation was enacted in 1978 as a
reaction to revelations about the abuses of intelligence gathering in the Nixon
administration. A special purpose of FISA was to prohibit foreign intelligence agencies
such as the CIA and NSA from engaging in domestic surveillance. Special procedures
were established for judicial supervision of intelligence collection activities. FISA has
been modified repeatedly, most prominently with the passage of the PATRIOT Act in
2001 and the FISA Amendments Act of 2008.
Surveillance Topic Terms, p. 6
Foreign Intelligence Surveillance Court (FISC): This is the judicial oversight mechanism
established by the Foreign Intelligence Surveillance Act of 1978 (FISA). The court was
originally made up of seven judges drawn from seven different Federal District Court
circuits. The Patriot Act added four additional judges to the FISC with the provision
that at least three of them must be within 20 miles of Washington, DC; this latter
provision was designed to make certain that the judicial supervision would be available
on short notice. The members of the FISC are sitting Federal District Court judges who
are appointed by the Chief Justice of the Supreme Court.
Fourth Amendment: The text of the Fourth Amendment is as follows: “The right of the
people to be secure in their persons, houses, papers and effects, against unreasonable
searches and seizures, shall not be violated and no warrants shall issue, but upon
probable cause, supported by oath or affirmation and particularly describing the place
to be searched and the persons or things to be seized.”
Fusion Centers: The U.S. Department of Homeland Security funds more than 70 fusion
centers, designed to combine data from state and local law enforcement officials, social
media, commercial data brokers and U.S. military intelligence to watch for early
warning signs of terrorist plots.
Future Attribute Screening Technology (FAST): The U.S. Department of Homeland
Security operates this surveillance program designed to identify persons, primarily in
airport screening processes, who are acting “strangely, showing mannerisms out of the
norm or displaying extreme physiological reactions.” At present, FAST is only a
prototype program, but it has been used to identify those persons who might require
special airport screening procedures.
Global Network Initiative (GNI): This is an advocacy group urging the importance of
free expression and protection of privacy in the handling of data gathered from
Online sources. The GNI is made up of industry representatives such as Yahoo,
Google and Microsoft along with a variety of human rights groups.
Guardian Threat Tracking System: This, according to the FBI, is an “automated system
that records, stores and assigns responsibility for follow-up on counterterrorism threats
and suspicious incidents.” According to the results of an internal audit, this system
produced a list of 108,000 “potential terrorism-related threats, reports of suspicious
incidents and terrorist encounters” in a recent 3-year period.
Homegrown Violent Extremists (HVEs): This is the term that the Department of
Homeland Security uses to describe “lone wolf” terrorists – individuals who may have
no direct connection to an international terrorist group, but may nevertheless commit a
terrorist act.
Surveillance Topic Terms, p. 7
Hop: Section 215 of the PATRIOT Act allows the NSA to examine all telephone
numbers that are within 3 “hops” of a telephone number connected to a terrorist
suspect. If the FISA Court agrees that a “seed” number may belong to an international
terrorist, it will allow the intelligence agency to query its massive database of
telephone metadata to identify every telephone number in contact with the seed
number – that is the first “hop.” Suppose that this first “hop” produces 100 other
telephone numbers for investigative follow-up. If the intelligence agency makes a
second “hop” it will query the database to identify a list of all telephone numbers that
were in contact with the first 100 numbers, perhaps producing a list of 10,000 phone
numbers (100 times 100). Under extraordinary circumstances, the intelligence agency
may look at a third “hop” – meaning all telephone numbers contacted by those
10,000 numbers. By this point, the numbers are in the millions of contacts. President
Obama recently indicated that he will instruct intelligence agencies not to move
beyond two “hops” from the original seed number.
International Covenant on Civil and Political Rights (ICCPR): This is one of the
international human rights treaties that has been both signed and ratified by the United
States in 1992. This agreement has an Optional Protocol guaranteeing the right to
privacy, but the U.S. has neither signed nor ratified that Optional Protocol.
Joint Terrorism Task Forces (JTTFs): The FBI has established these task forces in each
of its 56 field offices for the purpose of investigating terrorist threats and
designing counterterrorism operations.
Metadata: This term refers to all of the information related to a telephone call or Internet
contact other than the content of the communication. Metadata includes the time of the
contact, the duration of the message, the particular email addresses or telephone
numbers contacted and sometimes the names of the persons involved in the exchange.
Minimization procedures: The Foreign Intelligence Surveillance Act (FISA) requires that
intelligence agencies utilize procedures to minimize privacy intrusions whenever they
engage in physical or electronic surveillance. Minimization remains a vague term
given that FISA fails to define exactly what intelligence agencies must do to minimize
the threat to privacy. The language of the Act says that agencies should “minimize the
acquisition and retention, and prohibit the dissemination, of nonpublicly available
information concerning unconsenting United States persons consistent with the need of
the United States to obtain, produce and disseminate foreign intelligence information.”
National Intelligence Priorities Framework (NIPF): The Intelligence Reform and
Terrorism Prevention Act of 2004 created the NIPF for the purpose of “establishing
objectives and priorities for collection, analysis, production and dissemination of
national intelligence” and “ensuring maximum availability of and access to
intelligence information within the intelligence community.” Basically, Congress
intended to create a framework to ensure that intelligence agencies are communicating
appropriate information to one another in a timely manner.
Surveillance Topic Terms, p. 8
National Security Entry-Exit Registration System (NSEERS): This is a system
maintained by the U.S. Department of Justice requiring that noncitizens from certain
Muslim and Arab countries register with the U.S. Immigration and Naturalization
Service.
National Security Letters (NSLs): The PATRIOT Act allows U.S. intelligence agencies
to issue NSLs designed to require U.S. companies to provide requested telephone
records, email subscriber information, banking or credit card records and almost any
other business record. The President’s Review Group on Intelligence and
Communications Technologies reports that the FBI issued 21,000 NSLs in 2012.
Operation Tripwire: This FBI program asks for the assistance of businesses to identify
any persons making suspicious purchases of bomb-making materials or other
weapons.
Perfect Citizen: This NSA cybersecurity program is designed to identify and neutralize
Online threats to the nation’s critical infrastructure such as utility power plants and
water supply systems.
PRISM: This program allows U.S. intelligence agencies to access emails, Facebook
posts and instant messages for the purpose of tracking foreign terrorists living
outside the United States. The NSA claims that the legal authority for this program is
contained in Section 702 of the PATRIOT Act. Some NSA critics charge that the
agency has compelled tech companies such as Google, Yahoo, Microsoft, Facebook
and Twitter to provide access to the communications stored on company servers.
Privacy Act of 1974: This legislation established 7 “Fair Information Principles” for
privacy protection. While the Act clearly established the importance of privacy, critics
charge that its general principles fail to meaningfully limit the actual practices of
federal intelligence agencies.
Protect America Act: This legislation prevented the PATRIOT Act from expiring in 2007,
but it was passed by Congress only as a 5-month stop-gap measure until a more
comprehensive extension could be crafted. The Protect America Act expired in
February 2008 when it was replaced by the Foreign Assistance Act Amendments of
2008.
Right to Financial Privacy Act (RFPA): This 1978 Act is designed to protect the
confidentiality of personal financial records by creating privacy protection for bank
records. The Act requires that federal government agencies provide individuals with a
notice and an opportunity to object before a bank or other specified institution can
disclose personal financial information to a federal government agency. The privacy
rights established in the RFPA would, however, be narrowed with the passage of the
PATRIOT Act and various other pieces of legislation designed to restrict the funding
of terrorism.
Surveillance Topic Terms, p. 9
Screening of Passengers by Observation Techniques (SPOT): This is the name of a
behavioral screening program used by the TSA to identify persons who may need
special screening before boarding an aircraft. According to a report from the U.S.
Government Accountability Office, about 3,000 TSA workers have been assigned
(since 2007) to look for suspicious behavioral clues as they observe passengers at
airline checkpoints.
Section 215: This provision of FISA, as amended by the PATRIOT Act and the FISA
Amendments Act of 2008, is also known as the “business records” provision. This
section allows intelligence agencies to collect “tangible things” that are “relevant to an
authorized investigation.” Section 215 will expire in June of 2015 unless Congress acts
to extend it.
Section 702: This section of the Foreign Intelligence Surveillance Act, as amended by
the PATRIOT Act and the FISA Amendments Act of 2008, allows for warrantless
surveillance of foreign communications conducted on U.S. soil so long as the
intelligence agency does not “intentionally target” a U.S. person. Unfortunately, the
definition of “intentionally targeting” is not very precise. The language implies that
collection of intelligence on U.S. persons is acceptable so long as the collection is
unintentional or an international terrorist is the target of the investigation.
Secure Border Initiative (SBI): This is the name of the Department of Homeland
Security program designed to strengthen immigration enforcement. The Initiative
involves increasing border patrol agents, upgrading the use of technology in aerial
surveillance and additional traffic stops in the near-border region.
Secure Border Initiative: This program is an example of the U.S. “enforcement first”
approach to immigration reform. The program involves a combination of a 670-mile
long physical border fence, virtual fencing, increased number of border patrol agents
and upgraded technology for high-tech surveillance devices on or near the border. This
program involves the expanded use of unmanned aerial vehicles (UAVs).
Secure Flight: This is the name of the TSA system designed to screen airline passenger
reservations against a list of persons on the terrorist watch list. According to data from
the Department of Homeland Security, approximately 25 persons each month are
denied airline boarding as a result of their name being listed in the Secure Flight
system.
Stringray: This refers to a law enforcement technology designed to track all of the
cellphones in a given area by mimicking the functions of a cellphone tower.
Reportedly, this “stingray” technology can detect and locate a cellphone even when the
user is not making a call.
Surveillance Topic Terms, p. 10
Terrorist Identities Datamart Environment (TIDE): The Intelligence Reform and
Terrorism Prevention Act of 2004 established this system to serve as the U.S.
government’s central repository of information on international terrorist identities.
This database feeds information to the various TSA and other federal agency terrorism
watch lists.
Total Information Awareness (TIA): This is the name of the “big data” analysis system
established by the Defense Advanced Research Projects Agency (DARPA) in the
period following the 9/11 attacks. When controversy arose over the “big brother”
implications of this data system, DARPA changed the name to “Terrorism Information
Awareness.” But Congress, reacting to public pressure, eliminated funding for this
system in August 2003. Critics charge, however, that the TIA system lives on in other
forms and using different names.
Traveler Redress Inquiry Program (DHS TRIP): This is the system operated by the
Department of Homeland Security designed to resolve problems related to improper
identification problems with the TSA terrorism watch list. Persons who are denied
boarding or are improperly detained can apply for a special identifier that can be used
to avoid similar problems on future trips.
TSA Pre-Check: The TSA has adopted this program in response to airline passenger
complaints about long delays in the security screening process. This system identifies
low risk passengers who are then allowed to pass through shorter lines with minimal
screening processes. The TSA reports that more than 18 million passengers are now
approved for the TSA Pre-Check identification.
U.S. Computer Emergency Readiness Team (US-CERT): This is the program of the U.S.
Department of Homeland Security to identify and defuse cyber threats. DHS claims
that this system has resolved approximately 190,000 cyber incidents and issued more
than 7,450 alerts. When an alert is issued, DHS can dispatch its Industrial Control
Systems Cyber Emergency Response Team (ICS-CERT) to conduct a site visit and
assist private sector companies in properly responding to the cyber threat.
United States v. Jones: In this 2012 case, the Supreme Court held that police exceeded
their legal authority by putting a GPS tracker on the car of a suspected narcotics dealer,
monitoring the individual for twenty-eight days, without first obtaining judicial
approval and a search warrant. The Court’s unanimous ruling was that the police must
obtain a search warrant before they can install GPS tracking devices on suspects'
vehicles.
Video Privacy Act (VPA): This 1988 legislation made it illegal for law enforcement
agencies to obtain a citizen’s video viewing records (from companies that rent videos)
without securing a search warrant. The key problem with the VPA is that the language
of the act is outdated; it is designed to protect checkout records from video stores and
libraries. It does not, however, protect video streaming records – a technology that was
unknown in 1988.
Surveillance Topic Terms, p. 11
Visa Security Program (VSP): The Visa Security Program is designed to interdict
criminals, terrorists and others who would exploit the legal visa process to enter the
United States and protect the United States against terrorist and criminal organizations.
XKeyscore: Edward Snowden claims that the NSA uses this system to install software
on targeted computers that will allow the agency to capture every keystroke entered
on those computers. This allegedly allows the NSA to capture the full text of emails,
to log all Google searches and to store the names of Websites visited.